Bulletins | CERT@VDE

Meridian Cooperative Meridian

Title

Meridian Cooperative Meridian

Published

June 14, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-165-02

Summary

This advisory contains mitigations for an Improper Access Control vulnerability in Meridian utility software.

14.06.2022

Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R

Title

Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R

Published

June 14, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-165-03

Summary

This advisory contains mitigations for an Improper Input Validation vulnerability in the Mitsubishi Electric MELSEC-Q/L Series and MELSEC iQ-R Series Interface Modules.

07.06.2022

Mitsubishi Electric MELSEC and MELIPC Series (Update C)

Title

Mitsubishi Electric MELSEC and MELIPC Series (Update C)

Published

June 7, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02

Summary

This updated advisory is a follow up to the advisory update titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update B) that was published April 26, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input ...

03.06.2022

Vulnerabilities Affecting Dominion Voting Systems ImageCast X

Title

Vulnerabilities Affecting Dominion Voting Systems ImageCast X

Published

June 3, 2022, 9 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-154-01

Summary

This advisory contains mitigations for Improper Verification of Cryptographic Signature, Mutable Attestation of Measurement Reporting Data, Hidden Functionality, Improper Protection of Alternate Path, Path Traversal: ''../filedir', Execution with Unnecessary Privileges, Authentication Bypass Spoofing, Incorrect Privilege Assignment, and Origin Validation Error vulnerabilities in versions of Dominion Voting Systems Democracy Suite ImageCast ...

02.06.2022

Carrier LenelS2 HID Mercury access panels

Title

Carrier LenelS2 HID Mercury access panels

Published

June 2, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-153-01

Summary

This advisory contains mitigations for Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, and OS Command Injection vulnerabilities in Carrier HID Mercury access panels sold by LenlS2.

02.06.2022

Illumina Local Run Manager

Title

Illumina Local Run Manager

Published

June 2, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-153-02

Summary

This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, and Cleartext Transmission of Sensitive Information vulnerabilities in Illumina devices using Local Run Manager software.

May 2022

https://us-cert.cisa.gov/ics/advisories/icsma-22-151-02

BD Synapsys

Title

BD Synapsys

Published

May 31, 2022, 4:25 p.m.

URL

Summary

This advisory contains mitigations for an Insufficient Session Expiration vulnerability in the BD Synapsys microbiology informatics software platform.

Mitsubishi Electric MELSEC iQ-F Series (Update A)

Title

Mitsubishi Electric MELSEC iQ-F Series (Update A)

Published

May 31, 2022, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-139-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-22-139-01 Mitsubishi Electric MELSEC iQ-F Series that was published May 19, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.

Mitsubishi Electric FA Products (Update A)

Title

Mitsubishi Electric FA Products (Update A)

Published

May 31, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-22-090-04 Mitsubishi Electric FA Products that was published March 31, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of ...

Mitsubishi Electric Multiple Products (Update D)

Title

Mitsubishi Electric Multiple Products (Update D)

Published

May 31, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update C) that was published September 9, 2021, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.

Mitsubishi Electric Factory Automation Engineering Software (Update B)

Title

Mitsubishi Electric Factory Automation Engineering Software (Update B)

Published

May 31, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-02

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update A) that was published January 5, 2021, to the ICS webpage on ucisa.gov/ics. This advisory contains mitigations for a Permission Issues vulnerability in Mitsubishi Electric Factory Automation Engineering software products.

26.05.2022

Keysight N6854A Geolocation server and N6841A RF Sensor software

Title

Keysight N6854A Geolocation server and N6841A RF Sensor software

Published

May 26, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-146-01

Summary

This advisory contains mitigations for Relative Path Traversal, and Deserialization of Untrusted Data vulnerabilities in Keysight N6854A Geolocation and server and N6841A Sensor software, a spectrum monitoring platform.

26.05.2022

Horner Automation Cscape Csfont

Title

Horner Automation Cscape Csfont

Published

May 26, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-146-02

Summary

This advisory contains mitigations for Out-of-bounds Write, Out-of-bounds Read, and Heap-based Buffer Overflow vulnerabilities in Horner Automation Cscape PLC management software.

24.05.2022

https://us-cert.cisa.gov/ics/advisories/icsa-22-144-02

Matrikon OPC Server

Title

Matrikon OPC Server

Published

May 24, 2022, 4:10 p.m.

URL

Summary

This advisory contains mitigations for an Improper Access Control vulnerability in Makitron OPC software.

24.05.2022

Mitsubishi Electric FA Engineering Software Products (Update E)

Title

Mitsubishi Electric FA Engineering Software Products (Update E)

Published

May 24, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update D) that was published February 8, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Heap-based Buffer Overflow, and Improper Handling of Length Parameter Inconsistency vulnerabilities in Mitsubishi ...

24.05.2022

Mitsubishi Electric Factory Automation Engineering Products (Update G)

Title

Mitsubishi Electric Factory Automation Engineering Products (Update G)

Published

May 24, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update F) that was published February 8, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering ...

19.05.2022

Mitsubishi Electric MELSEC iQ-F Series

Title

Mitsubishi Electric MELSEC iQ-F Series

Published

May 19, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-139-01

Summary

This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.

17.05.2022

Circutor COMPACT DC-S BASIC

Title

Circutor COMPACT DC-S BASIC

Published

May 17, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-137-01

Summary

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Circutor COMPACT DC-S BASIC smart metering concentrator.

Mitsubishi Electric MELSOFT iQ AppPortal

Title

Mitsubishi Electric MELSOFT iQ AppPortal

Published

May 12, 2022, 4:50 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02

Summary

This advisory contains mitigations for Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, and Infinite Loop vulnerabilities in Mitsubishi Electric MELSOFT iQ AppPortal products.

Inkscape in Industrial Products

Title

Inkscape in Industrial Products

Published

May 12, 2022, 4:48 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-03

Summary

This advisory contains mitigations for Out-of-bounds Read, Access of Uninitialized Pointer, and Out-of-bounds Write vulnerabilities in the Inkscape open-source graphics editor.

Cambium Networks cnMaestro

Title

Cambium Networks cnMaestro

Published

May 12, 2022, 4:46 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-04

Summary

This advisory contains mitigations for OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function vulnerabilities in the Cambium Networks cnMaestro network management system.

Siemens Industrial PCs and CNC devices

Title

Siemens Industrial PCs and CNC devices

Published

May 12, 2022, 4:44 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-05

Summary

This advisory contains mitigations for Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, and Improper Privilege Management vulnerabilities in Siemens Industrial PCs and CNC devices.